If There Needs To Be An Investigation, It Should Be About Why The FBI Was Reading Certain Emails

from the friendly-fire dept

While some have noted the irony of General Petreaus being taken down due to online surveillance methods that he should have been aware of, the case is bringing growing attention to an issue many of us have been discussing for a while: how easy it is for law enforcement to snoop through your email. We raised the question already, but as more info comes out, the whole thing is looking that much more questionable.

Julian Sanchez keeps trying to find out exactly what legal process the FBI used to go through a variety of email accounts based on an apparently non-criminal cyberstalking claim (which was apparently brought to the FBI by a non-cyber-focused agent who had seemed to have a crush on the "victim"of the cyberstalking), and notes that there are big questions about what process was used to go through these emails and how much oversight was involved:

To Julian Sanchez, a research fellow at the Cato Institute, the real scandal over the Petraeus affair is not the extramarital sex, but the invasion of privacy.

"Law enforcement and certainly intelligence agencies have an incredible amount of ability to gather huge volumes of detailed information about people's most intimate online communications, a lot of it without requiring a full-blown warrant, a lot of it without requiring even any kind of judicial approval," Sanchez said.

Meanwhile, Chris Soghoian, working for the ACLU, highlights some of what's been revealed about the snooping. For example, FBI agents tracked down Patricia Broadwell as the email sender, even though she was using throwaway accounts, because webmail providers record the IP address from whence someone logs in -- and Broadwell didn't conceal that info. Apparently, the IP addresses were a series of hotels, and cross-checking with guest lists, it didn't take long to narrow down the only real suspect. Oh, and none of that info required judicial oversight for the FBI to get:

The guest lists from hotels, IP login records, as well as the creative request to email providers for “information about other accounts that have logged in from this IP address” are all forms of data that the government can obtain with a subpoena. There is no independent review, no check against abuse, and further, the target of the subpoena will often never learn that the government obtained data (unless charges are filed, or, as in this particular case, government officials eagerly leak details of the investigation to the press). Unfortunately, our existing surveillance laws really only protect the “what” being communicated; the government’s powers to determine “who” communicated remain largely unchecked.

He also delves into the method by which Petreaus and Broadwell communicated -- by sharing an account and communicating via "drafts" that were saved. For the head of the CIA you'd think he'd use a method that wasn't long known to be just as (if not more) insecure than regular email. Soghoian tears apart this supposedly "secret" method of communicating:

For more than a decade, a persistent myth in Washington DC, fueled by several counterterrorism experts, has been that it is possible to hide a communications trail by sharing an email inbox, and instead saving emails in a “draft” folder. This technique has been used by Khaled Sheikh Mohammed, Richard Reid (the shoe bomber), the 2004 Madrid train bombers, terrorists in Germany, as well as some domestic “eco-terrorists.” This technique has appeared in federal court documents as early as 2003, and was described in a law journal article written by a DOJ official in 2004. It is hardly a state secret.

Apparently, this method was also used by General Petraeus. According to the Associated Press, “[r]ather than transmitting emails to the other's inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic ‘dropbox,’ the official said. Then the other person could log onto the same account and read the draft emails there. This avoids creating an email trail that is easier to trace.”

The problem is, like so many other digital security methods employed by terrorists, it doesn’t work. Emails saved in a draft folder are stored just like emails in any other folder in a cloud service, and further, the providers can be compelled, prospectively, to save copies of everything (so that deleting the messages after reading them won’t actually stop investigators from getting a copy).

Ironically enough, by storing emails in a draft folder, rather than an inbox, individuals may be making it even easier for the government to intercept their communications. This is because the Department of Justice has argued that emails in the “draft” or “sent mail” folder are not in “electronic storage” (as defined by the Stored Communications Act), and thus not deserving of warrant protection. Instead, the government has argued it should be able to get such messages with a mere subpoena.

Got all that? It's even more info that the FBI may have been able to obtain without ever having to get approval from a judge. That's not to say they didn't necessarily go before a judge to get a warrant or similar tool for surveillance, but it does highlight just how much info the FBI can obtain without any real oversight, and how it's entirely possible for it to be abused -- taking a very limited situation (non-criminal online harassment) and turning it into something massive.

In fact, as the EFF's Trevor Timm notes, we should be investigating the FBI over why it was snooping through people's emails and how frequently it does this. He notes, as others have, that nothing about the origination of this case should have resulted in FBI involvement, let alone reading people's emails. Remember, early on, no one knew this had anything to do with General Petreaus or any other high ranking official:

The spark that set events in motion was a handful of
allegedly harassing emails sent anonymously to Kelley, a friend of Petraeus's,
which she brought to a friend at the FBI. Yet it's unclear why an investigation
was ever opened, given that everything publicly known about the emails suggests
they weren't illegal.

As the Daily Beast reported, they
said things like "Who do you think you are? ... You parade around the base ... You
need to take it down a notch." The story noted, "when the FBI friend showed the emails to
the cyber squad in the Tampa field office, her fellow agents noted that the
absence of any overt threats."

It seems the deciding factor in opening the investigation
was not the emails' content, but the fact that the FBI agent was friendly with
Kelley. (Even more disturbing, the same FBI agent has now been accused of becoming "obsessed" with the Tampa socialite, sent
shirtless pictures to her, and has been removed from the case.)

Basically, it sounds like the FBI had very questionable reasons for digging all that deep into this case at all. Michael Davis, at the Daily Beast, notes that the emails were typical "cat-fight stuff," with no indication of illegal activity:

When the FBI friend showed the emails to the cyber squad in the Tampa field office, her fellow agents noted that the absence of any overt threats.

The squad was not even sure the case was worth pursuing, the source says.

“What does this mean? There’s no threat there. This is against the law?” the agents asked themselves by the source’s account.

At most the messages were harassing. The cyber squad had to consult the statute books in its effort to determine whether there was adequate legal cause to open a case.

“It was a close call,” the source says.

So while there's all sorts of talk of investigations into who should have known the details of what was going on at what time, no one seems to be questioning why a simple "cat fight" resulted in the FBI digging in and reading people's emails. Yet, that seems like something we should all be quite worried about.

Classic Obama

We all know Obama ordered the FBI to get some dirt on Petreaus so his plan to have the Ambassador to Libya murdered wouldn't be revealed by Petreaus. The ambassador had the evidence that proved Obama was born in Kenya and was about to reveal it. So Obama had Mark Basseley Youssef create the anti-islam film knowing it would cause a protest, then sent his muslim friends attack the compound. The problem was that Petreaus found out. So he sent Patricia Broadwell back in time to have an affair with Petreaus, and then used Kelley to reveal the affair and Eric Cantor to notify the press. It's just that simple.

6/10

And here I was worried we'd go an entire comment section without the required dose of crazy... still, you didn't cover all the angles, completely forgetting Big Search, the Illuminati, or any mention at all of the moon landing, so I'm afraid that's going to cost you some points.

Re:

How does the end result justify anything? We still have no evidence of actual leaked, classified information. All we have is a garden-variety sex scandal. Those are a dime a dozen in Washington. It's just the timing that's poor.

Frankly, we don't even have that on Allen. It'll be eyeroll-worthy if it comes out that there never was an affair there, and the FBI was just fishing based on what they thought were flirtatious emails. Last I heard, 'tone' arguments didn't fly well with actual courts as the equivalent of 'probable cause'. Wish that was also true of the court of public opinion....

Soghoian is doing yeoman's work reporting on surveillance and evidence-gathering, but his phrasing is awfully sloppy sometimes.
"Emails saved in a draft folder are stored just like emails in any other folder in a cloud service, and further, the providers can be compelled, prospectively, to save copies of everything (so that deleting the messages after reading them won’t actually stop investigators from getting a copy)."

This is true, except for the important word "prospectively". Under the statute Chris links to, they can be compelled to save copies of things already in the account at the time the gubmint asks for it to be saved ("retrospectively), but not prospectively, meaning the government can't just demand that a provider save copies of any messages that will be received or sent in the next 24 hours, or next week, or somethign like that. The latter requires a warrant or more.

No, the story is POWER, and exposes WEIRD war-whores:

Talk about arrogant wackos (emphasis added):
"In the phone call to authorities, Jill Kelley, a party hostess and unofficial social liaison for leaders of the U.S. military's Central Command in Tampa, cited her status as an honorary consul general while complaining about news vans that had descended on her two-story brick home overlooking Tampa Bay.

"You know, I don't know if by any chance, because I'm an honorary consul general, so I have inviolability, so they should not be able to cross my property. I don't know if you want to get diplomatic protection involved as well," she told the 911 dispatcher Monday."

Re: No, the story is POWER, and exposes WEIRD war-whores:

LMAO. that whole saving draft copies so as to avoid transmitting them anywhere.... they learned it from Tom Clancy. At least i'm 99% certain that's where i first heard the technique.
It was either Clancy or another spy novel, and i'm certain i'd seen it before 2003.

Re:

"The Teeth of the Tiger" by Tom Clancy. Released in 2003. I am a huge Tom Clancy fan and I remember that was exactly how the terrorists in the novel communicated with each other.

Did someone else use a similar plot device in an earlier novel? Possibly, but I'm into that whole genre and the only one that came to my mind as I read the article and your comment was Clancy's use of it.

Re: Re:

Omega Warrior (http://www.omegawarrior.com), a recent Clancy-genre novel, has terrorists using blog and comment sites to communicate using the position of avatars. There are a ton of ways to secretly communicate if you arrange the language between the sender and receiver in advance.

Re: Re:

"Cyber Bullying"

Julian Sanchez and others keep painting the anonymous emails Kelley was receiving as "cat fight stuff" based on a single Daily Beast article that, once out the gate, every other story drew upon over the next 48 hours. This was lazy, motivated reasoning on their part. It's one thing to ask "What's in the emails that triggered FBI involvement?" and quite another to loudly and proudly that nothing in the emails constituted a crime or gave the FBI PC to investigate because Sanchez et al haven't been personally briefed on the contents.

We've known from almost the start that the emails included references to non-public movements of the Director of the CIA, and now this:
"It started in May with a spiteful email to the top U.S. commander in Afghanistan. An anonymous writer warned Gen. John Allen that a friend with whom he was meeting in Washington the following week was trouble and he should stay away from her.

Allen thought the email was a joke because he didn't know how anybody else would know about his personal plans with his friend, Florida socialite Jill Kelley, a person close to Kelley said.

...

In midsummer, Kelley shared these emails with an FBI agent, Frederick W. Humphries, whom she met at an FBI community program in 2011.

Concerned that someone was tracking the movements of Allen and Petraeus, the FBI agent set the investigation in motion when he handed the information to the FBI's cyber squad in Tampa."

So, yeah. Sanchez and everyone else can pretend that this was run of the mill cyber bullying, but that's doing their cause and everyone else who is concerned about electronic privacy, a disservice. There's no lead to exaggerate or lie or pretend. Stick to the facts!

The Night of the Generals

The Night of the Generals: General Petraeus, General Allen and General Electric

The latest super-corporate welfare scam: more tax breaks for those top corporations --- most of which don’t pay federal taxes in the first place --- which translates to government monies to them for absolutely nothing, or rather they are robbing the national tax base once again!

The corporation which will benefit the most? General Electric, of course. (The “Jobs Czar” is GE’s CEO, Jeffrey Immelt, who appears to be hellbent in making more Americans unemployed and impoverished --- WTF is he doing as the Jobs Czar?????)

From the report by Sarah Anderson, Scott Klinger and Brent Soloway: The biggest potential winners are General Electric, which could reap a tax windfall of as much as $35.7 billion on its overseas earnings stash of $102 billion, and Microsoft, which could garner a savings of $19.4 billion on its $60.8 billion in accumulated foreign earnings.

The top 63 corporations claim this will lower the national debt, but then they usually do claim the exact opposite of what their perfidy will accomplish!

Regarding the “downfall” of CIA director, General Petraeus --- it’s interesting to note that the ostensible “instigator,” Paula Broadwell, is a reservist in military intelligence.

One might construe how often, historically speaking, reservists in military intelligence have made the perfect sacrificial lamb.

It was only a few years back when a senator, working on the creation of national legislation for collective bargaining rights for all Americans, was killed, along with members of his family, in a suspicious aircraft accident.

Just prior to takeoff, a last-minute copilot replacement, Michael Guess (a reservist in military intelligence), boarded their plane with a piece of luggage.

Michael Guess had also been a friend of Moussaoui, the so-called “20th hijacker of 9/11” (Guess even gave Moussaoui his very own copy of Microsoft’s Flight Simulator).

The death of Senator Paul Wellstone (and some of the members of his family) and the downfall of Gen. Patreaus may deserve much closer scrutiny?

[Special Note: At the School of the Americas they used to teach a procedure for bringing down an aircraft. Give the unwitting saboteur a recording device (or so they would tell them) which was in actuality a container of either knockout gas or an incendiary device, armed with a pre-set timer. When the unwitting saboteur pressed what he or she believed to start the recording device, the timer would begin. Hence, the objective was accomplished and all possible witnesses were disposed of.]

From the current Corporate Crime File:

Bank of New York Mellon’s subsidiary was recently fined in the many millions of dollars for colluding with Bernie Madoff. (Not this item, this was back last April:

On Monday, the Federal Reserve reportedly fined Bank of New York Mellon $6 million for allegedly putting up ineligible collateral when it borrowed money under one of the central bank's emergency loan programs in 2008.

This item: The New York State Attorney General’s office has announced a $210 million settlement deal with Ivy Asset Management. The New York Mellon bank subsidiary had advised its clients to invest with Bernie Madoff.

House Republicans found Jon Corzine guilty of misappropriation of funds (as in stealing over $1 billion, etc.) while House Dems refused to vote him guilty as charged? Evidently, the Goldman Sachs Dems are actually different from the Goldman Sachs Repubs --- they each support different Goldman Sachs guys!

Permissions

Note that when you take a job with the CIA, FBI, NSA and all of the other 3 letter agencies. You sign off on documents that give investigators access to whatever is deemed necessary. The general should have known this but was likely to proud to think he would be looked at.

Re: Permissions

The irony in all this is that the director of the CIA was taken down by the very breeches of the 4th amendment that the average american can't even sue about because we don't have standing.
I just wish Berry and Joe would be taken down too.

Why is anyone surprised?

The DOJ routinely spies on anyone they feel like it and in any way they choose to. The Constitution and federal laws mean nothing to the DOJ. No judge would dare to call them to account; the judge would disappear quickly.

I'm still having trouble understanding the FBI's jurisdiction in getting involved in the first place. Cyberstalking laws are primarily at the state level. The only time the feds get involved is if it involves interstate or foreign commerce or children. So what right did the FBI have to investigate the initial complaint at all?

When is copying not copying?

Fta:The problem is, like so many other digital security methods employed by terrorists, it doesn’t work. Emails saved in a draft folder are stored just like emails in any other folder in a cloud service, and further, the providers can be compelled, prospectively, to save copies of everything (so that deleting the messages after reading them won’t actually stop investigators from getting a copy).

Re: When is copying not copying?

No, it's not a violation of copyright to provide a copy to the FBI. Especially if they had a subpoena. No court would ever rule otherwise. Kinda like if I find some cocaine on the street and turn it in to my local police department, they aren't going to charge me with posession even though I did for a time posess it.

The ridiculous part here is that, according to this article, a warrant is not needed for the draft folder. That's not only ridiculous in general... but in this case in particular, the draft folder WAS stored communications and the FBI knew this. And yet they kept reading.

So, did they have a warrant? If they did, why did the judge issue one on such flimsy grounds? I hope the FOIA requests go through quickly.

Oh, and also, since the White House has been so eagar to prosecute whistleblowers, do you think they will launch a full investigation as to who leaked information about the CIA DIRECTOR to the media? Yeah, I didn't think so. It was "leaked" on purpose. We have an administration that purposely tells the world about the affairs of someone they don't like. Classy.